CyberAlerts

Description: Threat Actor Database

Source: DarkWebInformer

January 12th, 2025 (6 months ago)

Phishing texts trick Apple iMessage users into disabling protection

Description: Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [...]

Source: BleepingComputer

January 12th, 2025 (6 months ago)

Skillz (303) Claims to be Selling Shell Access to Habbo

Description: Skillz (303) Claims to be Selling Shell Access to Habbo

Source: DarkWebInformer

January 12th, 2025 (6 months ago)

Pastor who saw crypto project in his "dream" indicted for fraud

Description: A pastor at a Pasco, Washington, church has been indicted on 26 counts of fraud for allegedly operating a cryptocurrency scam that defrauded investors of millions between 2021 and 2023. [...]

Source: BleepingComputer

January 12th, 2025 (6 months ago)

SuperDraft - 300,187 breached accounts

Description: In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, transactions, latitudes and longitudes, dates of birth and bcrypt password hashes.

Source: HaveIBeenPwnedLatestBreaches

January 12th, 2025 (6 months ago)

IntelBroker Claims to have Leaked the Data of Capital Markets Elite Group

Description: IntelBroker Claims to have Leaked the Data of Capital Markets Elite Group

Source: DarkWebInformer

January 12th, 2025 (6 months ago)

CVE-2025-23109

Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox...

Description: Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134.

EPSS Score: 0.04%

Source: CVE

January 12th, 2025 (6 months ago)

CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab....

Description: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134.

EPSS Score: 0.04%

Source: CVE

January 12th, 2025 (6 months ago)

CVE-2024-6923

Email header injection due to unquoted newlines

Description: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.

EPSS Score: 0.04%

Source: CVE

January 12th, 2025 (6 months ago)

CVE-2024-57881

mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy()

Description: In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and __section_mem_map_addr() dereferencing that NULL pointer. Let's fix it, and avoid doing a pfn_to_page() call for the first iteration, where we already have the page. So far this was found by code inspection, but let's just CC stable as the fix is easy.

EPSS Score: 0.04%

Source: CVE

January 12th, 2025 (6 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

	Threat Actor Database Description: Threat Actor Database Source: DarkWebInformer January 12th, 2025 (6 months ago)
	Phishing texts trick Apple iMessage users into disabling protection Description: Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [...] Source: BleepingComputer January 12th, 2025 (6 months ago)
	Skillz (303) Claims to be Selling Shell Access to Habbo Description: Skillz (303) Claims to be Selling Shell Access to Habbo Source: DarkWebInformer January 12th, 2025 (6 months ago)
	Pastor who saw crypto project in his "dream" indicted for fraud Description: A pastor at a Pasco, Washington, church has been indicted on 26 counts of fraud for allegedly operating a cryptocurrency scam that defrauded investors of millions between 2021 and 2023. [...] Source: BleepingComputer January 12th, 2025 (6 months ago)
	SuperDraft - 300,187 breached accounts Description: In October 2024, the fantasy sports platform SuperDraft suffered a data breach that exposed over 300k customer records. The breach contained 24GB of data including email addresses, usernames, transactions, latitudes and longitudes, dates of birth and bcrypt password hashes. Source: HaveIBeenPwnedLatestBreaches January 12th, 2025 (6 months ago)
	IntelBroker Claims to have Leaked the Data of Capital Markets Elite Group Description: IntelBroker Claims to have Leaked the Data of Capital Markets Elite Group Source: DarkWebInformer January 12th, 2025 (6 months ago)
CVE-2025-23109	Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox... Description: Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134. EPSS Score: 0.04% Source: CVE January 12th, 2025 (6 months ago)
CVE-2025-23108	Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab.... Description: Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134. EPSS Score: 0.04% Source: CVE January 12th, 2025 (6 months ago)
CVE-2024-6923	Email header injection due to unquoted newlines Description: There is a MEDIUM severity vulnerability affecting CPython. The email module didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. EPSS Score: 0.04% Source: CVE January 12th, 2025 (6 months ago)
CVE-2024-57881	mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() Description: In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and __section_mem_map_addr() dereferencing that NULL pointer. Let's fix it, and avoid doing a pfn_to_page() call for the first iteration, where we already have the page. So far this was found by code inspection, but let's just CC stable as the fix is easy. EPSS Score: 0.04% Source: CVE January 12th, 2025 (6 months ago)